Install the Amazon Load Balancer Controller using Helm - Amazon EKS
PrerequisitesStep 1: Create IAM Role using eksctlStep 2: Install Amazon Load Balancer ControllerStep 3: Verify that the controller is installed
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Install the Amazon Load Balancer Controller using Helm

This topic describes how to install the Amazon Load Balancer Controller using Helm, a package manager for Kubernetes, and eksctl. The controller is installed with default options. For more information about the controller, including details on configuring it with annotations, see the Amazon Load Balancer Controller Documentation on GitHub.

In the following steps, replace the example values with your own values.

Prerequisites

Before starting this tutorial, you must install and configure the following tools and resources that you need to create and manage an Amazon EKS cluster.

  • Helm installed locally.

Step 1: Create IAM Role using eksctl

Note

You only need to create an IAM Role for the Amazon Load Balancer Controller one per Amazon account. Check if AmazonEKSLoadBalancerControllerRole exists in the IAM Console. If this role exists, skip to Step 2: Install Amazon Load Balancer Controller.

Create an IAM policy.

  1. Download an IAM policy for the Amazon Load Balancer Controller that allows it to make calls to Amazon APIs on your behalf.

    China Regions
    $ curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.7.2/docs/install/iam_policy_cn.json

    $ mv iam_policy_cn.json iam_policy.json

  2. Create an IAM policy using the policy downloaded in the previous step. 

    $ aws iam create-policy \
    --policy-name AWSLoadBalancerControllerIAMPolicy \
    --policy-document file://iam_policy.json
    Note

    If you view the policy in the Amazon Web Services Management Console, the console shows warnings for the ELB service, but not for the ELB v2 service. This happens because some of the actions in the policy exist for ELB v2, but not for ELB. You can ignore the warnings for ELB.

Create IAM Role using eksctl

  • Replace my-cluster with the name of your cluster, 111122223333 with your account ID, and then run the command. 

    $ eksctl create iamserviceaccount \
  --cluster=my-cluster \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --role-name AmazonEKSLoadBalancerControllerRole \
  --attach-policy-arn=arn:aws-cn:iam::111122223333:policy/AWSLoadBalancerControllerIAMPolicy \
  --approve

Step 2: Install Amazon Load Balancer Controller

Install Amazon Load Balancer Controller using Helm V3

  1. Add the eks-charts Helm chart repository. Amazon maintains this repository on GitHub.

    $ helm repo add eks https://aws.github.io/eks-charts

  2. Update your local repo to make sure that you have the most recent charts.

    $ helm repo update eks

  3. Install the Amazon Load Balancer Controller.

    Replace my-cluster with the name of your cluster. In the following command, aws-load-balancer-controller is the Kubernetes service account that you created in a previous step.

    For more information about configuring the helm chart, see values.yaml on GitHub.

    $ helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=my-cluster \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set enableShield=false \
  --set enableWaf=false \
  --set enableWafv2=false

    1. If you're deploying the controller to Amazon EC2 nodes that have restricted access to the Amazon EC2 instance metadata service (IMDS), or if you're deploying to Fargate, then add the following flags to the helm command that follows:

      • --set region=region-code

      • --set vpcId=vpc-xxxxxxxx

    2. To view the available versions of the Helm Chart and Load Balancer Controller, use the following command:

      helm search repo eks/aws-load-balancer-controller --versions
    Important

    The deployed chart doesn't receive security updates automatically. You need to manually upgrade to a newer chart when it becomes available. When upgrading, change install to upgrade in the previous command.

    The helm install command automatically installs the custom resource definitions (CRDs) for the controller. The helm upgrade command does not. If you use helm upgrade, you must manually install the CRDs. Run the following command to install the CRDs:

    wget https://raw.githubusercontent.com/aws/eks-charts/master/stable/aws-load-balancer-controller/crds/crds.yaml 
kubectl apply -f crds.yaml

Step 3: Verify that the controller is installed

  1. Verify that the controller is installed.

    $ kubectl get deployment -n kube-system aws-load-balancer-controller

    An example output is as follows.

    NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
aws-load-balancer-controller   2/2     2            2           84s

    You receive the previous output if you deployed using Helm. If you deployed using the Kubernetes manifest, you only have one replica.

  2. Before using the controller to provision Amazon resources, your cluster must meet specific requirements. For more information, see Application load balancing on Amazon EKS and Network load balancing on Amazon EKS.